Experience
8 yrs required
Location
Austin, TX, United States
Posted on
Nov 24, 2022
Profile
Director - GRC Third Party Technology Risk
The candidate will manage a team of highly focused analysts of varying skill levels and domain knowledge (from new associate to senior with 10+ years of experience). Work with each one to bring optimal results, while ensuring career growth and personal achievement. Lead risk/security assessments of suppliers and Third Parties to identify, validate, and remediate Cybersecurity Risks. Plan, coordinate, and lead onsite assessments of Third Parties against the firm's security framework and industry security standards. Support ongoing monitoring of Suppliers and Third Parties to review adherence to compliance and regulatory requirements. Identify, prioritize, and pursue opportunities to enhance the firm's 3PTRM processes and introduce innovative approaches and solutions to optimize efficiency and effectiveness. Contribute towards process improvement of team processes, templates, and tools. Develop trusted relationships with Business Partners, the firm's IT Executives, Security & Compliance Officers, and other teams. Stay up to date on the broader regulatory landscape affecting the firm's business areas, and remain current with emerging regulatory sentiments as well as solution trends in the marketplace.

Should have 10+ years of work experience with a Bachelor's Degree, or 8+ years of work experience with an Advanced Degree (e.g. Masters/MBA/JD/MD), or at least 3 years of work experience with a Ph.D. Degree. Should preferably have 12+ years of work experience with a Bachelor's Degree, or 8-10 years of experience with an Advanced Degree (e.g. Masters, MBA, JD, MD), or 6+ years of work experience with a Ph.D.

Experience conducting third party assessments covering various Cybersecurity domains including, but not limited to, security architecture, access management, security incident management, secure software development, network security, and cryptography is required. Excellent working knowledge of industry and regulatory standards and oversight regimes, such as PCI, ISO 27000 series, FFIEC examinations, NIST 800-53, GDPR, GLBA, etc. is required. Prior knowledge of Cybersecurity in the Payments industry is highly desirable. CISSP, CISM, or similar is preferred.